Mailscanner Version 4.71.10-1 / ClamAV 0.94 infection reporting.
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Sep 5 22:17:33 IST 2008
Alex Broens wrote:
> On 9/5/2008 10:55 PM, Julian Field wrote:
>> Try the attached SweepViruses.pm.
>> It will only help if the log output contains the attachment log entry
>> first, followed by the message log entry. If it's the other way
>> around, I can't suppress the message log entry on the basis that an
>> attachment log entry may appear afterwards.
>> If you have any better ideas on how to predict what may be logged in
>> the future, I'm all ears :-)
>
> __
> Sep 5 23:04:16 ms1 MailScanner[25357]: Clamd::INFECTED::
> Eicar-Test-Signature :: ./411661008C85.5B8DE/eicar_com.zip
> __
>
> maillog / clamd look GOOD
> Mailwatch agrees with one line/entry
>
>
> Now, can you do the magic on esets? :-)
>
> Here's what it's doing.
> I tried fiddling with the log formatting in esets.cfg but have the
> feeling it's being ignored.
>
> __
> Sep 5 23:04:17 ms1 MailScanner[25357]:
> name="./411661008C85.5B8DE/eicar_com.zip", threat="Eicar test file",
> action="", info=""
> Sep 5 23:04:17 ms1 MailScanner[25357]:
> name="./411661008C85.5B8DE/eicar_com.zip » ZIP » eicar.com",
> threat="Eicar test file", action="", info=""
> __
>
Not if it's logging in that order, as I need to log the eicar.com entry,
but I can't predict it's going to be there from the eicar_com.zip log
entry. That requires crystal balls :-)
> thanks
>
> Alex
>
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
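
The ordering problem discussed in this message, as an added illustration (not MailScanner's SweepViruses.pm code and not part of the original post): a report filter that decides line by line can drop the archive-level entry only when the nested entry was logged first. The sample lines are built from the esets entries quoted above with the syslog prefix dropped; the function names and the buffered variant, which assumes every line for a batch can be held until the scanner has finished, are assumptions.

```python
import re

# Constructed sample: the two esets entries quoted in the message, syslog prefix dropped.
ESETS_LINES = [
    'name="./411661008C85.5B8DE/eicar_com.zip", threat="Eicar test file", action="", info=""',
    'name="./411661008C85.5B8DE/eicar_com.zip » ZIP » eicar.com", '
    'threat="Eicar test file", action="", info=""',
]

FIELD = re.compile(r'(\w+)="([^"]*)"')
SEP = " » "  # separator between archive levels, as seen in the lines above


def parse(line):
    """Return (full_name, container, is_nested, threat) for one key="value" line."""
    fields = dict(FIELD.findall(line))
    parts = fields["name"].split(SEP)
    return fields["name"], parts[0], len(parts) > 1, fields["threat"]


def report_streaming(lines):
    """Decide per line as it arrives, using only what has already been seen."""
    seen_nested, reported = set(), []
    for line in lines:
        name, container, is_nested, threat = parse(line)
        if is_nested:
            seen_nested.add((container, threat))
        elif (container, threat) in seen_nested:
            continue  # container entry arrived after its member: safe to drop
        reported.append(name)
    return reported


def report_buffered(lines):
    """Assumption: all lines for the batch are held until the scanner is done."""
    parsed = [parse(line) for line in lines]
    nested = {(c, t) for _, c, is_nested, t in parsed if is_nested}
    return [n for n, c, is_nested, t in parsed if is_nested or (c, t) not in nested]


if __name__ == "__main__":
    print("as logged:", report_streaming(ESETS_LINES))
    print("reversed: ", report_streaming(ESETS_LINES[::-1]))
    print("buffered: ", report_buffered(ESETS_LINES))
```

In the order esets logs them, the streaming filter reports both entries; only the reversed order or the buffered pass collapses them to the single eicar.com entry.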